Security vs Convenience

Security vs. Convenience: the more secure you are, the less convenient things will be, and vice versa. One thing we like to ask clients is “on a scale of 1-10, how secure do you want to be?” We follow up by saying that 1 is wide open and 10 is a total lockdown. If a client says 5, that means they want to be about 50% secure; by the same token, 1 would be 10%, 3 would be 30%, and so on. If a client adamantly says ‘10’, we have to explain that the exception to the rule is that a ‘10’ is 99%, because nothing, unfortunately, is unhackable (it’s just the world we live in). We also advise clients that being a ‘10’ (99%) is easier said than done: it requires many resources and potentially a lot of funding.

Get rid of most of your low-hanging fruit to dissuade most amateur hackers. Also be ready with a solid incident response plan.

Our advice is usually to start off aiming for a 7, which is where most security audit frameworks will get you, and then build from there. If you can get rid of most of your low-hanging fruit, that is usually enough to dissuade most amateur hackers. However, there are many skilled hackers out there, and if one of them targets you there is little you can do beyond being ready with a solid incident response plan. Trying to go from 0-100 in your security stance quickly is like asking someone to win a drag race on a bicycle against a Corvette. This is why we always advise clients that compliance is a minimum baseline, and that even getting to this level is an accomplishment. Once you get there, however, you can bring your cyber security stance to higher levels at a realistic pace.

Author: R. Scott Pierangelo
